Category: Zend Framework

We are pleased to announce the immediate availability of Apigility 1.0.0beta1! http://apigility.org/download This is our first beta release of Apigility, marking its initial API stability, and providing a solid preview of what to expect for the first stable release. What is Apigility? Apigility is the world’s easiest way to create and provide secure, well-formed APIs. Apigility provides tools for describing and documenting your APIs, both RESTful and RPC. You can indicate the URL that provides a service, what HTTP methods are allowed, what representations e.g., JSON, HTML, XML can be provided, how many items to present per page of a collection, and more.

I thought I’ll help plug a tool that looks to be quite useful and that is basing their development on direct community input, I’ve made my suggestions hope you do too 🙂

Martin Kulhavy writes; ORM Designer. It’s primary target is to create ORM Definitions fast and easily with the help of visual diagram instead of manually written text definitions.

Most distinctive features allows you to:

Save time and work 4 times faster.

Repeatedly export yourdefinition files.

Import and visualize existing project schemas.

Eliminate errors and the need to look for typos.

Download our 14-day trial version and let us know what you think. If you write a review, we will give you 20% discount off the price of ORM Designer. Either way, let us know, what you think about it. If you found it helpful, and if not, why not. Any feedback is incredibly valuable to us, as we strive to make our product the best we possibly can.

Michael Andrew Davidson writes; So you have discovered ZendServerGateway and you are like, “Wow, this makes web services easy”. However, you quickly discover that there is a little magic behind the scenes, and that this add-on works best within the context of Zend Server 6. That can be a little frustrating, especially if you or your organization does not use Zend Server 6. Never fear, there is a way around this “implied” requirement. In just a moment I will walk the reader through setting up the embedded PHP 5.4 webserver to utilize the ZendServerGateway. All the steps should easily translate to whatever environment you use for serving your PHP pages. I am going to assume a Window environment for development.

Rob Allen writes; If you need different layout scripts to be rendered for different modules in Zend Framework 2, then Evan Coury has made this extremely easy. His new module EdpModuleLayouts is just the ticket!

Once installed, you simply have to add a new array to a config file in the config/autoload folder with the following in it:
array(
'module_layouts' => array(
'Application' => 'layout/application',
'ZfcUser' => 'layout/user',
),
);

i.e. you provide a list of the module name against the layout script to use.

The Zend Framework community is pleased to announce the immediate availability of Zend Framework 2.0.0 STABLE! Packages and installation instructions are available at:http://framework.zend.com/downloads/latest

Gary Hockin writes; After speaking to a prospective employer in a job interview, I was interested to try out the Zend\Mvc\Controller\RestfulController. With Zend_Json_Server in ZF1 having, shall we say, a less than sterling reputation, it was very interesting for me to see how the strategy has been implemented in ZF2.

The starting point for this is simply a completely fresh clone of the ZF2 Skeleton Application. The aim is to simply allow the pre-created index controller to function as a Restful interface.

ZendServer installs PHP CLI as part of the installation, and, as is customary for PHP 4.3+, includes a PEAR installer. It’s a good idea to install PEAR before installing PHPUnit as per the recommendation here.

Open Zend\ZendServer\bin\go-pear.bat and change the line:%PHP_BIN% -d output_buffering=0 -d PEAR\go-pear.pharto (see PHAR Runtime Configuration):%PHP_BIN% -d output_buffering=0 -d phar.require_hash=0 PEAR\go-pear.pharThis will stop the fatal error:phar...does not have a signatureas by default PHP will not process a PHAR archive without a signature.

Run go-pear.bat

For Windows 7, make sure you open the console as an administrator, or the installer won’t be able to create some folders in the default install locations. At the command prompt enter:#cd \program files\zend\zendserver\bin# go-pear.batand you should get something like this (I selected the system-wide install and accepted the default locations):

Matthew Setter writes a very interesting article; Ok, so you’re pretty comfortable with using the Zend Framework, specifically the use of Forms. Along with that, you have a good working knowledge of how to combine a host of standard validators such as CreditCard, EmailAddress, Db_RecordExists, and Hex, and standard filterssuch as Compress/Decompress, BaseName, Encrypt, and RealPath. But what do you do when a situation arises that’s outside the scope of the pre-packaged validators and filters?

Let’s say you want to guard against users uploading files that contain viruses, for example. You would have to write a custom validator that checks the uploads aren’t infected. Today I’ll show you how to do just that – how to write a new file validation filter for Zend Framework that uses ClamAVto ensure uploaded files are virus-free.

Adding ClamAV Support to PHP

First you’ll need to install ClamAV support. I’m basing this installation procedure around Linux, specifically Ubuntu. If you’re using another distribution, you may need to adjust the commands accordingly. Unfortunately, if you’re using Windows however, you’ll need to use a Linux-based Virtual Appliance or setup a virtual machine running Linux to follow along since the php-clamav extension doesn’t support Windows as yet.

dkozar evolved a working method to Authenticate and Authorize a Flex based app datas service call using Zend AMF, he writes;

I’ve been struggling with it, and figured it all out – so, perhaps it could help others.

The authentication is called on the server only if credentials supplied from the client (via the remote procedure call headers). This snippet illustrates the setup of custom auth (these are the last 6 lines of gateway.php script):
// Handle request
$auth = new My_Amf_Auth(); // authentication
$server->setAuth($auth);
$acl = new Zend_Acl(); // authorization
$server->setAcl($acl);
echo $server->handle();

// NOTE: The point is that $result->_identity is an OBJECT (of type stdClass), NOT string
// with Zend_Auth_Adapter_DbTable it is internally accomplished by calling its getResultRowObject() method
// It constructs the stdClass with properties named after table attributes

//returning true to signal that we want to check privileges before accessing methods of this class
//in my tests if we don't return anything it will treat it like we will return false so better return true or false
//your intentions will be clear
return true;
}

Note that the authorization is being built dynamically inside the initAcl method.

On the Flex side I have an auto-generated class (MyService) which extends another auto-generated class (_Super_MyService).

The point is that the outer one is auto-generated only once (initially), and you can modify it, without worrying to be overwritten on service regeneration.

There’s a protected property _serviceControl (which is of type RemoteObject) which could be tweaked if needed.

I’m tweaking it by of setting the endpoint (with string read from a client side config in preInitializeService() method). Plus, I’m adding 2 more methods, which expose setCredentials and setRemoteCredentials methods of _serviceControl, so I can acces it from my code.

The authentication via Zend_Amf_Server is, by the way, OPTIONAL! Meaning, with no credentials supplied, Zend_Amf_Server will NOT RUN IT. Thus you should rely on Zend_Acl (e.g. roles) to so your permissions and security!

Kevin Schroeder writes; I forget why, but a few days ago I started doing some digging around with authentication in Zend_Amf_Server. I had figured that I would add an adapter to the Zend_Amf_Server::setAuth() method and that would be it.

But I was wrong.

AMF allows for multiple request bodies to be sent at the same time. Of those there are several “special” types of commands. One of those commands is logging in. What this means is that you don’t need a method that logs someone in for you. Zend_Amf_Server handles authentication separately from your service classes.

Authentication for Zend_Amf_Server will generally use a combination of Zend_Auth and Zend_Acl components. Zend_Auth is used to provide the credential verification while Zend_Acl is used to validate that the current user user can access the requested service method. It is actually a relatively trivial task to restrict access to non-logged in users using the method that I will describe here.

The first step in the process is to create an authentication adapter. It really doesn’t matter what you’re using. What matters is that the adapter returns an identity object with a property called “role”. The built in ACL handle expects this to be part of the identity object.

The Auth class extends Zend_Amf_Auth_Abstract because Flex seems to require username and passwords as being the only mechanism for passing credentials. The abstract class defines a method that hooks in with the special commands and passes the special credentials to the special adapter. Clearly your authentication mechanism should be better than the one that I put in here, but you’ll get the idea. The most important part is adding the role property to the identity object and passing it to the Zend_Auth_Result object.

Then in your gateway you need to add this adapter as well as create an simple ACL.

This adds the new Auth role to the ACL and says that it has access to everything. Since there is no place where I allow guest access (denoted by Zend_Amf_Constants::GUEST_ROLE in the adapter) guest requests will be denied.

With just this little bit of code you now have a mechanism that will provide restricted access to all of your service objects.